Each column represents a permission. Hover the mouse over the permission names to get more information about what they represent.
Each row represents a user or a group (often called 'role', depending on the security realm.) This includes a special user 'anonymous', which represents unauthenticated users, as well as 'authenticated', which represents all authenticated users (IOW, everyone except anonymous users.) Use the text box below the table to add new users/groups/roles to the table, and click the [x] icon to remove it from the table.
Permissions are additive. That is, if an user X is in group A, B, and C, then the permissions that this user actually has are the union of all permissions given to X, A, B, C, and anonymous.
Note that adding permissions for LDAP groups requires a specific syntax. In the default configuration all LDAP groups must be entered here in all capital letters and with "ROLE_" added on the front. For example, a group called "devs" would be entered here as "ROLE_DEVS". The prefix and case settings may be adjusted by editing the WEB-INF/security/LDAPBindSecurityRealm.groovy file in your Hudson deployment and restarting Hudson.